diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000..7015b20 --- /dev/null +++ b/.gitmodules @@ -0,0 +1,3 @@ +[submodule "noinst/mocklibc"] + path = noinst/mocklibc + url = https://code.google.com/p/mocklibc diff --git a/Makefile.am b/Makefile.am index 70d072c..a66e202 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,6 +1,6 @@ ## Process this file with automake to produce Makefile.in -SUBDIRS = actions data src docs po test +SUBDIRS = actions data src docs po noinst test NULL = diff --git a/autogen.sh b/autogen.sh index 4d25597..a1dc3e8 100755 --- a/autogen.sh +++ b/autogen.sh @@ -57,6 +57,16 @@ test -n "$NO_AUTOMAKE" || (aclocal --version) < /dev/null > /dev/null 2>&1 || { DIE=1 } + +# if no automake, don't bother testing for autoreconf +test -n "$NO_AUTOMAKE" || (autoreconf --version) < /dev/null > /dev/null 2>&1 || { + echo + echo "**Error**: You must have autoreconf installed." + echo "You can get autoreconf from ..." + DIE=1 +} + + if test "$DIE" -eq 1; then exit 1 fi @@ -75,6 +85,14 @@ esac aclocalinclude="$ACLOCAL_FLAGS" + test -d "${srcdir}/.git" -a ! -f "${srcdir}/noinst/mocklibc/configure.ac" && { + echo "Checking out mocklibc submodule..." + git submodule update --init + } + + echo "Running autoreconf on noinst/mocklibc ..." + (cd "noinst/mocklibc"; autoreconf --install) + if grep "^AM_PROG_LIBTOOL" configure.ac >/dev/null; then if test -z "$NO_LIBTOOLIZE" ; then echo "Running libtoolize..." diff --git a/configure.ac b/configure.ac index 89f48ca..619093b 100644 --- a/configure.ac +++ b/configure.ac @@ -8,6 +8,9 @@ AM_MAINTAINER_MODE m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) +# Include external mocklibc tool for unit testing +AC_CONFIG_SUBDIRS([noinst/mocklibc]) + # libtool versioning - this applies to all libraries in this package # # See http://sources.redhat.com/autobook/autobook/autobook_91.html#SEC91 for details @@ -422,6 +425,7 @@ po/Makefile.in test/Makefile test/polkit/Makefile test/polkitbackend/Makefile +noinst/Makefile ]) dnl ========================================================================== diff --git a/noinst/Makefile.am b/noinst/Makefile.am new file mode 100644 index 0000000..d7e78f7 --- /dev/null +++ b/noinst/Makefile.am @@ -0,0 +1,9 @@ + +SUBDIRS = mocklibc + +# Never install anything in this dir +install:; @: +install-exec:; @: +install-data:; @: +uninstall:; @: + diff --git a/src/polkit/Makefile.am b/src/polkit/Makefile.am index 9d7c4ce..5dc8feb 100644 --- a/src/polkit/Makefile.am +++ b/src/polkit/Makefile.am @@ -51,6 +51,7 @@ libpolkit_gobject_1include_HEADERS = \ polkitidentity.h \ polkitunixuser.h \ polkitunixgroup.h \ + polkitnetgroup.h \ polkitauthorizationresult.h \ polkitcheckauthorizationflags.h \ polkitimplicitauthorization.h \ @@ -73,6 +74,7 @@ libpolkit_gobject_1_la_SOURCES = \ polkitidentity.c polkitidentity.h \ polkitunixuser.c polkitunixuser.h \ polkitunixgroup.c polkitunixgroup.h \ + polkitnetgroup.c polkitnetgroup.h \ polkitauthorizationresult.c polkitauthorizationresult.h \ polkitcheckauthorizationflags.c polkitcheckauthorizationflags.h \ polkitimplicitauthorization.c polkitimplicitauthorization.h \ diff --git a/src/polkit/polkit.h b/src/polkit/polkit.h index f677ca1..3c3fe94 100644 --- a/src/polkit/polkit.h +++ b/src/polkit/polkit.h @@ -33,6 +33,7 @@ #include #include #include +#include #include #include #include diff --git a/src/polkit/polkitidentity.c b/src/polkit/polkitidentity.c index 21c326b..2fe3b33 100644 --- a/src/polkit/polkitidentity.c +++ b/src/polkit/polkitidentity.c @@ -28,6 +28,7 @@ #include "polkitidentity.h" #include "polkitunixuser.h" #include "polkitunixgroup.h" +#include "polkitnetgroup.h" #include "polkiterror.h" #include "polkitprivate.h" @@ -177,6 +178,10 @@ polkit_identity_from_string (const gchar *str, identity = polkit_unix_group_new_for_name (str + sizeof "unix-group:" - 1, error); } + else if (g_str_has_prefix (str, "netgroup:")) + { + identity = polkit_net_group_new (str + sizeof "netgroup:" - 1); + } if (identity == NULL && (error != NULL && *error == NULL)) { @@ -214,6 +219,12 @@ polkit_identity_to_gvariant (PolkitIdentity *identity) g_variant_builder_add (&builder, "{sv}", "gid", g_variant_new_uint32 (polkit_unix_group_get_gid (POLKIT_UNIX_GROUP (identity)))); } + else if (POLKIT_IS_NET_GROUP (identity)) + { + kind = "netgroup"; + g_variant_builder_add (&builder, "{sv}", "name", + g_variant_new_string (polkit_net_group_get_name (POLKIT_NET_GROUP (identity)))); + } else { g_warning ("Unknown class %s implementing PolkitIdentity", g_type_name (G_TYPE_FROM_INSTANCE (identity))); @@ -326,6 +337,21 @@ polkit_identity_new_for_gvariant (GVariant *variant, ret = polkit_unix_group_new (gid); } + else if (g_strcmp0 (kind, "netgroup") == 0) + { + GVariant *v; + const char *name; + + v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error); + if (v == NULL) + { + g_prefix_error (error, "Error parsing net identity: "); + goto out; + } + name = g_variant_get_string (v, NULL); + ret = polkit_net_group_new (name); + g_variant_unref (v); + } else { g_set_error (error, diff --git a/src/polkit/polkitnetgroup.c b/src/polkit/polkitnetgroup.c new file mode 100644 index 0000000..5e48610 --- /dev/null +++ b/src/polkit/polkitnetgroup.c @@ -0,0 +1,242 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + * Author: Nikki VonHollen + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include +#include +#include "polkitnetgroup.h" +#include "polkitidentity.h" +#include "polkiterror.h" +#include "polkitprivate.h" + +/** + * SECTION:polkitunixgroup + * @title: PolkitNetGroup + * @short_description: Unix groups + * + * An object representing a group identity on a UNIX system. + */ + +/** + * PolkitNetGroup: + * + * The #PolkitNetGroup struct should not be accessed directly. + */ +struct _PolkitNetGroup +{ + GObject parent_instance; + + gchar *name; +}; + +struct _PolkitNetGroupClass +{ + GObjectClass parent_class; +}; + +enum +{ + PROP_0, + PROP_NAME, +}; + +static void identity_iface_init (PolkitIdentityIface *identity_iface); + +G_DEFINE_TYPE_WITH_CODE (PolkitNetGroup, polkit_net_group, G_TYPE_OBJECT, + G_IMPLEMENT_INTERFACE (POLKIT_TYPE_IDENTITY, identity_iface_init) + ); + +static void +polkit_net_group_init (PolkitNetGroup *net_group) +{ + net_group->name = NULL; +} + +static void +polkit_net_group_finalize (GObject *object) +{ + PolkitNetGroup *net_group = POLKIT_NET_GROUP (object); + + g_free(net_group->name); + + G_OBJECT_CLASS (polkit_net_group_parent_class)->finalize (object); +} + +static void +polkit_net_group_get_property (GObject *object, + guint prop_id, + GValue *value, + GParamSpec *pspec) +{ + PolkitNetGroup *net_group = POLKIT_NET_GROUP (object); + + switch (prop_id) + { + case PROP_NAME: + g_value_set_string (value, polkit_net_group_get_name (net_group)); + break; + + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + break; + } +} + +static void +polkit_net_group_set_property (GObject *object, + guint prop_id, + const GValue *value, + GParamSpec *pspec) +{ + PolkitNetGroup *net_group = POLKIT_NET_GROUP (object); + + switch (prop_id) + { + case PROP_NAME: + polkit_net_group_set_name (net_group, g_value_get_string (value)); + break; + + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + break; + } +} + +static void +polkit_net_group_class_init (PolkitNetGroupClass *klass) +{ + GObjectClass *gobject_class = G_OBJECT_CLASS (klass); + + gobject_class->finalize = polkit_net_group_finalize; + gobject_class->get_property = polkit_net_group_get_property; + gobject_class->set_property = polkit_net_group_set_property; + + /** + * PolkitNetGroup:name: + * + * The NIS netgroup name. + */ + g_object_class_install_property (gobject_class, + PROP_NAME, + g_param_spec_string ("name", + "Group Name", + "The NIS netgroup name", + NULL, + G_PARAM_CONSTRUCT | + G_PARAM_READWRITE | + G_PARAM_STATIC_NAME | + G_PARAM_STATIC_BLURB | + G_PARAM_STATIC_NICK)); + +} + +/** + * polkit_net_group_get_name: + * @group: A #PolkitNetGroup. + * + * Gets the netgroup name for @group. + * + * Returns: A netgroup name string. + */ +const gchar * +polkit_net_group_get_name (PolkitNetGroup *group) +{ + g_return_val_if_fail (POLKIT_IS_NET_GROUP (group), NULL); + return group->name; +} + +/** + * polkit_net_group_set_gid: + * @group: A #PolkitNetGroup. + * @name: A netgroup name. + * + * Sets @name for @group. + */ +void +polkit_net_group_set_name (PolkitNetGroup *group, + const gchar * name) +{ + g_return_if_fail (POLKIT_IS_NET_GROUP (group)); + g_free(group->name); + group->name = g_strdup(name); +} + +/** + * polkit_net_group_new: + * @name: A netgroup name. + * + * Creates a new #PolkitNetGroup object for @name. + * + * Returns: (transfer full): A #PolkitNetGroup object. Free with g_object_unref(). + */ +PolkitIdentity * +polkit_net_group_new (const gchar *name) +{ + g_return_val_if_fail (name != NULL, NULL); + return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_NET_GROUP, + "name", name, + NULL)); +} + +static guint +polkit_net_group_hash (PolkitIdentity *identity) +{ + PolkitNetGroup *group; + + group = POLKIT_NET_GROUP (identity); + + return g_str_hash(group->name); +} + +static gboolean +polkit_net_group_equal (PolkitIdentity *a, + PolkitIdentity *b) +{ + PolkitNetGroup *group_a; + PolkitNetGroup *group_b; + + group_a = POLKIT_NET_GROUP (a); + group_b = POLKIT_NET_GROUP (b); + + if (g_strcmp0(group_a->name, group_b->name) == 0) + return TRUE; + else + return FALSE; +} + +static gchar * +polkit_net_group_to_string (PolkitIdentity *identity) +{ + PolkitNetGroup *group = POLKIT_NET_GROUP (identity); + return g_strconcat("netgroup:", group->name, NULL); +} + +static void +identity_iface_init (PolkitIdentityIface *identity_iface) +{ + identity_iface->hash = polkit_net_group_hash; + identity_iface->equal = polkit_net_group_equal; + identity_iface->to_string = polkit_net_group_to_string; +} diff --git a/src/polkit/polkitnetgroup.h b/src/polkit/polkitnetgroup.h new file mode 100644 index 0000000..99c6bc3 --- /dev/null +++ b/src/polkit/polkitnetgroup.h @@ -0,0 +1,58 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + * Author: Nikki VonHollen + */ + +#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H) +#error "Only can be included directly, this file may disappear or change contents." +#endif + +#ifndef __POLKIT_NET_GROUP_H +#define __POLKIT_NET_GROUP_H + +#include +#include +#include +#include +#include + +G_BEGIN_DECLS + +#define POLKIT_TYPE_NET_GROUP (polkit_net_group_get_type()) +#define POLKIT_NET_GROUP(o) (G_TYPE_CHECK_INSTANCE_CAST ((o), POLKIT_TYPE_NET_GROUP, PolkitNetGroup)) +#define POLKIT_NET_GROUP_CLASS(k) (G_TYPE_CHECK_CLASS_CAST((k), POLKIT_TYPE_NET_GROUP, PolkitNetGroupClass)) +#define POLKIT_NET_GROUP_GET_CLASS(o) (G_TYPE_INSTANCE_GET_CLASS ((o), POLKIT_TYPE_NET_GROUP, PolkitNetGroupClass)) +#define POLKIT_IS_NET_GROUP(o) (G_TYPE_CHECK_INSTANCE_TYPE ((o), POLKIT_TYPE_NET_GROUP)) +#define POLKIT_IS_NET_GROUP_CLASS(k) (G_TYPE_CHECK_CLASS_TYPE ((k), POLKIT_TYPE_NET_GROUP)) + +#if 0 +typedef struct _PolkitNetGroup PolkitNetGroup; +#endif +typedef struct _PolkitNetGroupClass PolkitNetGroupClass; + +GType polkit_net_group_get_type (void) G_GNUC_CONST; +PolkitIdentity *polkit_net_group_new (const gchar *name); +const gchar *polkit_net_group_get_name (PolkitNetGroup *group); +void polkit_net_group_set_name (PolkitNetGroup *group, + const gchar *name); + +G_END_DECLS + +#endif /* __POLKIT_NET_GROUP_H */ diff --git a/src/polkit/polkittypes.h b/src/polkit/polkittypes.h index 636b418..b55d8b2 100644 --- a/src/polkit/polkittypes.h +++ b/src/polkit/polkittypes.h @@ -49,6 +49,9 @@ typedef struct _PolkitUnixUser PolkitUnixUser; struct _PolkitUnixGroup; typedef struct _PolkitUnixGroup PolkitUnixGroup; +struct _PolkitNetGroup; +typedef struct _PolkitNetGroup PolkitNetGroup; + struct _PolkitAuthorizationResult; typedef struct _PolkitAuthorizationResult PolkitAuthorizationResult; diff --git a/src/polkit/polkitunixuser.c b/src/polkit/polkitunixuser.c index 1c9cf49..a9b092b 100644 --- a/src/polkit/polkitunixuser.c +++ b/src/polkit/polkitunixuser.c @@ -49,6 +49,7 @@ struct _PolkitUnixUser GObject parent_instance; gint uid; + gchar *name; }; struct _PolkitUnixUserClass @@ -71,6 +72,17 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixUser, polkit_unix_user, G_TYPE_OBJECT, static void polkit_unix_user_init (PolkitUnixUser *unix_user) { + unix_user->name = NULL; +} + +static void +polkit_unix_user_finalize (GObject *object) +{ + PolkitUnixUser *unix_user = POLKIT_UNIX_USER (object); + + g_free(unix_user->name); + + G_OBJECT_CLASS (polkit_unix_user_parent_class)->finalize (object); } static void @@ -118,6 +130,7 @@ polkit_unix_user_class_init (PolkitUnixUserClass *klass) { GObjectClass *gobject_class = G_OBJECT_CLASS (klass); + gobject_class->finalize = polkit_unix_user_finalize; gobject_class->get_property = polkit_unix_user_get_property; gobject_class->set_property = polkit_unix_user_set_property; @@ -228,6 +241,29 @@ polkit_unix_user_new_for_name (const gchar *name, return identity; } +/** + * polkit_unix_user_get_name: + * @user: A #PolkitUnixUser. + * + * Get the user's name. + * + * Returns: (allow-none) (transfer none): User name string or %NULL if user uid not found. + */ +const gchar * +polkit_unix_user_get_name (PolkitUnixUser *user) +{ + if (!user->name) + { + struct passwd *passwd; + passwd = getpwuid (user->uid); + + if (passwd) + user->name = g_strdup(passwd->pw_name); + } + + return user->name; +} + static gboolean polkit_unix_user_equal (PolkitIdentity *a, PolkitIdentity *b) @@ -255,14 +291,12 @@ static gchar * polkit_unix_user_to_string (PolkitIdentity *identity) { PolkitUnixUser *user = POLKIT_UNIX_USER (identity); - struct passwd *passwd; - - passwd = getpwuid (user->uid); + const gchar *user_name = polkit_unix_user_get_name(user); - if (passwd == NULL) - return g_strdup_printf ("unix-user:%d", user->uid); + if (user_name) + return g_strdup_printf ("unix-user:%s", user_name); else - return g_strdup_printf ("unix-user:%s", passwd->pw_name); + return g_strdup_printf ("unix-user:%d", user->uid); } static void diff --git a/src/polkit/polkitunixuser.h b/src/polkit/polkitunixuser.h index 8d4a9e1..2f227d4 100644 --- a/src/polkit/polkitunixuser.h +++ b/src/polkit/polkitunixuser.h @@ -53,6 +53,7 @@ PolkitIdentity *polkit_unix_user_new_for_name (const gchar *name, gint polkit_unix_user_get_uid (PolkitUnixUser *user); void polkit_unix_user_set_uid (PolkitUnixUser *user, gint uid); +const gchar *polkit_unix_user_get_name (PolkitUnixUser *user); G_END_DECLS diff --git a/src/polkitbackend/polkitbackendlocalauthority.c b/src/polkitbackend/polkitbackendlocalauthority.c index 0f3cd65..9a31e5f 100644 --- a/src/polkitbackend/polkitbackendlocalauthority.c +++ b/src/polkitbackend/polkitbackendlocalauthority.c @@ -23,6 +23,7 @@ #include #include #include +#include #include #include #include @@ -52,6 +53,9 @@ static GList *get_users_in_group (PolkitIdentity *group, gboolean include_root); +static GList *get_users_in_net_group (PolkitIdentity *group, + gboolean include_root); + static GList *get_groups_for_user (PolkitIdentity *user); /* ---------------------------------------------------------------------------------------------------- */ @@ -507,6 +511,10 @@ polkit_backend_local_authority_get_admin_auth_identities (PolkitBackendInteracti { ret = g_list_concat (ret, get_users_in_group (identity, FALSE)); } + else if (POLKIT_IS_NET_GROUP (identity)) + { + ret = g_list_concat (ret, get_users_in_net_group (identity, FALSE)); + } else { g_warning ("Unsupported identity %s", admin_identities[n]); @@ -660,7 +668,7 @@ get_users_in_group (PolkitIdentity *group, PolkitIdentity *user; GError *error; - if (!include_root && strcmp (grp->gr_mem[n], "root") == 0) + if (!include_root && g_strcmp0 (grp->gr_mem[n], "root") == 0) continue; error = NULL; @@ -683,6 +691,59 @@ get_users_in_group (PolkitIdentity *group, } static GList * +get_users_in_net_group (PolkitIdentity *group, + gboolean include_root) +{ + const gchar *name; + GList *ret; + + ret = NULL; + name = polkit_net_group_get_name (POLKIT_NET_GROUP (group)); + + if (setnetgrent (name) == 0) + { + g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno)); + goto out; + } + + for (;;) + { + char *hostname, *username, *domainname; + PolkitIdentity *user; + GError *error = NULL; + + if (getnetgrent (&hostname, &username, &domainname) == 0) + break; + + // Skip NULL entries since we never want to make everyone an admin + // Skip "-" entries which mean "no match ever" in netgroup land + if (!username || !g_strcmp0 (username, "-")) + continue; + + // TODO: Should we match on hostname? Maybe only allow "-" as a hostname + // for safety. + + user = polkit_unix_user_new_for_name (username, &error); + if (user == NULL) + { + g_warning ("Unknown username '%s' in netgroup: %s", username, error->message); + g_error_free (error); + } + else + { + ret = g_list_prepend (ret, user); + } + } + + ret = g_list_reverse (ret); + + out: + endnetgrent (); + return ret; +} + + +static GList * get_groups_for_user (PolkitIdentity *user) { uid_t uid; diff --git a/src/polkitbackend/polkitbackendlocalauthorizationstore.c b/src/polkitbackend/polkitbackendlocalauthorizationstore.c index d10121f..62141ca 100644 --- a/src/polkitbackend/polkitbackendlocalauthorizationstore.c +++ b/src/polkitbackend/polkitbackendlocalauthorizationstore.c @@ -21,6 +21,7 @@ #include "config.h" +#include #include #include #include "polkitbackendlocalauthorizationstore.h" @@ -74,7 +75,12 @@ typedef struct { gchar *id; + // Identities with glob support GList *identity_specs; + + // Netgroup identity strings, which can not support glob syntax + GList *netgroup_identities; + GList *action_specs; PolkitImplicitAuthorization result_any; @@ -90,6 +96,7 @@ local_authorization_free (LocalAuthorization *authorization) g_free (authorization->id); g_list_foreach (authorization->identity_specs, (GFunc) g_pattern_spec_free, NULL); g_list_free (authorization->identity_specs); + g_list_free_full (authorization->netgroup_identities, g_free); g_list_foreach (authorization->action_specs, (GFunc) g_pattern_spec_free, NULL); g_list_free (authorization->action_specs); if (authorization->return_value != NULL) @@ -135,8 +142,13 @@ local_authorization_new (GKeyFile *key_file, } for (n = 0; identity_strings[n] != NULL; n++) { - authorization->identity_specs = g_list_prepend (authorization->identity_specs, - g_pattern_spec_new (identity_strings[n])); + // Put netgroup entries in a seperate list from other identities who support glob syntax + if (g_str_has_prefix (identity_strings[n], "netgroup:")) + authorization->netgroup_identities = g_list_prepend (authorization->netgroup_identities, + g_strdup (identity_strings[n] + 9)); + else + authorization->identity_specs = g_list_prepend (authorization->identity_specs, + g_pattern_spec_new (identity_strings[n])); } action_strings = g_key_file_get_string_list (key_file, @@ -704,15 +716,31 @@ polkit_backend_local_authorization_store_lookup (PolkitBackendLocalAuthorization if (ll == NULL) continue; - /* then match the identity */ + /* then match the identity against identity specs */ if (identity_string == NULL) identity_string = polkit_identity_to_string (identity); - for (ll = authorization->identity_specs; ll != NULL; ll = ll->next) + for (ll = authorization->identity_specs; ll; ll = ll->next) { if (g_pattern_match_string ((GPatternSpec *) ll->data, identity_string)) break; } - if (ll == NULL) + + /* if no identity specs matched and identity is a user, match against netgroups */ + if (!ll && POLKIT_IS_UNIX_USER (identity)) + { + PolkitUnixUser *user_identity = POLKIT_UNIX_USER (identity); + const gchar *user_name = polkit_unix_user_get_name (user_identity); + if (!user_name) + continue; + + for (ll = authorization->netgroup_identities; ll; ll = ll->next) + { + if (innetgr ((const gchar *) ll->data, NULL, user_name, NULL)) + break; + } + } + + if (!ll) continue; /* Yay, a match! However, keep going since subsequent authorization entries may modify the result */ diff --git a/test/Makefile.am b/test/Makefile.am index 9927eab..86a806c 100644 --- a/test/Makefile.am +++ b/test/Makefile.am @@ -6,6 +6,14 @@ check_LTLIBRARIES = libpolkit-test-helper.la libpolkit_test_helper_la_SOURCES = polkittesthelper.c polkittesthelper.h libpolkit_test_helper_la_LIBADD = $(GLIB_LIBS) +EXTRA_DIST = data + +# Use mocklibc to override NSS services for tests +export MOCK_PASSWD := $(abs_top_srcdir)/test/data/etc/passwd +export MOCK_GROUP := $(abs_top_srcdir)/test/data/etc/group +export MOCK_NETGROUP := $(abs_top_srcdir)/test/data/etc/netgroup +export TESTS_ENVIRONMENT := $(abs_top_srcdir)/noinst/mocklibc/bin/mocklibc clean-local : rm -f *~ + diff --git a/test/data/etc/group b/test/data/etc/group new file mode 100644 index 0000000..12ef328 --- /dev/null +++ b/test/data/etc/group @@ -0,0 +1,7 @@ +root:x:0: +users:x:100:john,jane +admin:x:101:sally,henry +john:x:500: +jane:x:501: +sally:x:502: +henry:x:503: diff --git a/test/data/etc/netgroup b/test/data/etc/netgroup new file mode 100644 index 0000000..21a27f9 --- /dev/null +++ b/test/data/etc/netgroup @@ -0,0 +1,5 @@ +foo (-,john,) +bar (-,jane,) +baz foo bar +all (,,) +none diff --git a/test/data/etc/passwd b/test/data/etc/passwd new file mode 100644 index 0000000..8544feb --- /dev/null +++ b/test/data/etc/passwd @@ -0,0 +1,5 @@ +root:x:0:0:root:/root:/bin/bash +john:x:500:500:John Done:/home/john:/bin/bash +jane:x:501:501:Jane Smith:/home/jane:/bin/bash +sally:x:502:502:Sally Derp:/home/sally:/bin/bash +henry:x:503:503:Henry Herp:/home/henry:/bin/bash diff --git a/test/data/etc/polkit-1/localauthority.conf.d/10-test.conf b/test/data/etc/polkit-1/localauthority.conf.d/10-test.conf new file mode 100644 index 0000000..6753e49 --- /dev/null +++ b/test/data/etc/polkit-1/localauthority.conf.d/10-test.conf @@ -0,0 +1,2 @@ +[Configuration] +AdminIdentities=unix-user:root;netgroup:bar;unix-group:admin diff --git a/test/data/etc/polkit-1/localauthority/10-test/com.example.pkla b/test/data/etc/polkit-1/localauthority/10-test/com.example.pkla new file mode 100644 index 0000000..52e9830 --- /dev/null +++ b/test/data/etc/polkit-1/localauthority/10-test/com.example.pkla @@ -0,0 +1,14 @@ +[Users and Root can do Foo] +Identity=unix-group:users;unix-user:root +Action=com.example.awesomeproduct.foo +ResultAny=no +ResultInactive=auth_self +ResultActive=yes + +[Users in netgroup baz can do Bar] +Identity=netgroup:baz +Action=com.example.awesomeproduct.bar +ResultAny=no +ResultInactive=auth_self +ResultActive=yes + diff --git a/test/data/var/lib/polkit-1/localauthority/10-test/com.example.pkla b/test/data/var/lib/polkit-1/localauthority/10-test/com.example.pkla new file mode 100644 index 0000000..f013c5b --- /dev/null +++ b/test/data/var/lib/polkit-1/localauthority/10-test/com.example.pkla @@ -0,0 +1,6 @@ +[Super Secret Project Permissions] +Identity=unix-user:root +Action=com.example.restrictedproduct.* +ResultAny=no +ResultInactive=no +ResultActive=auth_self diff --git a/test/polkit/Makefile.am b/test/polkit/Makefile.am index 70fbf67..4c0d68e 100644 --- a/test/polkit/Makefile.am +++ b/test/polkit/Makefile.am @@ -16,6 +16,8 @@ INCLUDES = \ $(NULL) AM_CFLAGS = \ + -D_POLKIT_COMPILATION \ + -D_POLKIT_BACKEND_COMPILATION \ $(GLIB_CFLAGS) \ $(NULL) @@ -34,6 +36,9 @@ polkitunixusertest_SOURCES = polkitunixusertest.c TEST_PROGS += polkitunixgrouptest polkitunixgrouptest_SOURCES = polkitunixgrouptest.c +TEST_PROGS += polkitnetgrouptest +polkitnetgrouptest_SOURCES = polkitnetgrouptest.c + TEST_PROGS += polkitidentitytest polkitidentitytest_SOURCES = polkitidentitytest.c diff --git a/test/polkit/polkitidentitytest.c b/test/polkit/polkitidentitytest.c index edbc765..33c00d4 100644 --- a/test/polkit/polkitidentitytest.c +++ b/test/polkit/polkitidentitytest.c @@ -21,115 +21,149 @@ #include "glib.h" #include +#include +/* Test helper types */ -static void -test_user_from_string (void) -{ - PolkitIdentity *identity; - PolkitUnixUser *user; - GError *error = NULL; - - identity = polkit_identity_from_string ("unix-user:root", &error); - g_assert (identity); - g_assert_no_error (error); - g_assert (POLKIT_IS_UNIX_USER (identity)); +struct comparison_test_data_type { + const gchar *subject_a; + const gchar *subject_b; + gboolean equal; +}; - user = POLKIT_UNIX_USER (identity); - g_assert (user); - - g_object_unref (user); -} +/* Test definitions */ static void -test_group_from_string (void) +test_string (const void *_subject) { + const gchar *subject = (const gchar *) _subject; + PolkitIdentity *identity; - PolkitUnixGroup *group; GError *error = NULL; + gchar *subject_new; - identity = polkit_identity_from_string ("unix-group:root", &error); + // Create the subject from a string + identity = polkit_identity_from_string (subject, &error); g_assert (identity); g_assert_no_error (error); - g_assert (POLKIT_IS_UNIX_GROUP (identity)); - group = POLKIT_UNIX_GROUP (identity); - g_assert (group); + // Create new string for identity + subject_new = polkit_identity_to_string (identity); + + // Make sure they match + g_assert_cmpstr (subject_new, ==, subject); - g_object_unref (group); + g_free (subject_new); + g_object_unref (identity); } static void -test_user_to_string (void) +test_gvariant (const void *_subject) { - PolkitIdentity *identity; + const gchar *subject = (const gchar *) _subject; + + PolkitIdentity *identity, *new_identity; GError *error = NULL; - gchar *value; + GVariant *value; - identity = polkit_identity_from_string ("unix-user:root", &error); + // Create the subject from a string + identity = polkit_identity_from_string (subject, &error); + g_assert_no_error (error); g_assert (identity); + + // Create a GVariant for the subject + value = polkit_identity_to_gvariant (identity); + g_assert (value); + + // Unserialize the subject + new_identity = polkit_identity_new_for_gvariant (value, &error); g_assert_no_error (error); + g_assert (new_identity); + g_variant_unref (value); - value = polkit_identity_to_string (identity); - g_assert_cmpstr (value, ==, "unix-user:root"); + // Make sure the two identities are equal + g_assert (new_identity); + g_assert (polkit_identity_equal (identity, new_identity)); - g_free (value); g_object_unref (identity); + g_object_unref (new_identity); } static void -test_group_to_string (void) +test_comparison (const void *_data) { - PolkitIdentity *identity; + struct comparison_test_data_type *data = (struct comparison_test_data_type *) _data; + + PolkitIdentity *identity_a, *identity_b; GError *error = NULL; - gchar *value; + guint hash_a, hash_b; - identity = polkit_identity_from_string ("unix-group:root", &error); - g_assert (identity); + // Create identities A and B + identity_a = polkit_identity_from_string (data->subject_a, &error); g_assert_no_error (error); + g_assert (identity_a); - value = polkit_identity_to_string (identity); - g_assert_cmpstr (value, ==, "unix-group:root"); - - g_free (value); - g_object_unref (identity); -} - + identity_b = polkit_identity_from_string (data->subject_b, &error); + g_assert_no_error (error); + g_assert (identity_b); -static void -test_equal (void) -{ - PolkitIdentity *identity_a, *identity_b; - GError *error = NULL; + // Compute their hashes + hash_a = polkit_identity_hash (identity_a); + hash_b = polkit_identity_hash (identity_b); - identity_a = polkit_identity_from_string ("unix-group:root", &error); - identity_b = polkit_identity_from_string ("unix-group:root", &error); - g_assert (polkit_identity_equal (identity_a, identity_b)); + // Comparison to self should always work + g_assert (polkit_identity_equal (identity_a, identity_a)); + + // Are A and B supposed to match? Test hash and comparators + if (data->equal) + { + g_assert_cmpint (hash_a, ==, hash_b); + g_assert (polkit_identity_equal (identity_a, identity_b)); + } + else + { + g_assert_cmpint (hash_a, !=, hash_b); + g_assert (!polkit_identity_equal (identity_a, identity_b)); + } g_object_unref (identity_a); g_object_unref (identity_b); } -static void -test_hash (void) -{ - PolkitIdentity *identity_a, *identity_b; - guint hash_a, hash_b; - GError *error = NULL; +/* Test helpers */ - identity_a = polkit_identity_from_string ("unix-group:root", &error); - identity_b = polkit_identity_from_string ("unix-group:root", &error); +struct comparison_test_data_type comparison_test_data [] = { + {"unix-user:root", "unix-user:root", TRUE}, + {"unix-user:root", "unix-user:john", FALSE}, + {"unix-user:john", "unix-user:john", TRUE}, - hash_a = polkit_identity_hash (identity_a); - hash_b = polkit_identity_hash (identity_b); - g_assert_cmpint (hash_a, ==, hash_b); + {"unix-group:root", "unix-group:root", TRUE}, + {"unix-group:root", "unix-group:jane", FALSE}, + {"unix-group:jane", "unix-group:jane", TRUE}, - g_object_unref (identity_a); - g_object_unref (identity_b); + {"netgroup:foo", "netgroup:foo", TRUE}, + {"netgroup:foo", "netgroup:bar", FALSE}, + + {"unix-user:root", "unix-group:root", FALSE}, + {"unix-user:jane", "netgroup:foo", FALSE}, + + {NULL}, +}; + +static void +add_comparison_tests (void) +{ + unsigned int i; + for (i = 0; comparison_test_data[i].subject_a; i++) + { + struct comparison_test_data_type *test_data = &comparison_test_data[i]; + gchar *test_name = g_strdup_printf ("/PolkitIdentity/comparison_%d", i); + g_test_add_data_func (test_name, test_data, test_comparison); + } } @@ -138,11 +172,23 @@ main (int argc, char *argv[]) { g_type_init (); g_test_init (&argc, &argv, NULL); - g_test_add_func ("/PolkitIdentity/user_from_string", test_user_from_string); - g_test_add_func ("/PolkitIdentity/user_to_string", test_user_to_string); - g_test_add_func ("/PolkitIdentity/group_from_string", test_group_from_string); - g_test_add_func ("/PolkitIdentity/group_to_string", test_group_to_string); - g_test_add_func ("/PolkitIdentity/equal", test_equal); - g_test_add_func ("/PolkitIdentity/hash", test_hash); + + g_test_add_data_func ("/PolkitIdentity/user_string_0", "unix-user:root", test_string); + g_test_add_data_func ("/PolkitIdentity/user_string_1", "unix-user:john", test_string); + g_test_add_data_func ("/PolkitIdentity/user_string_2", "unix-user:jane", test_string); + + g_test_add_data_func ("/PolkitIdentity/group_string_0", "unix-group:root", test_string); + g_test_add_data_func ("/PolkitIdentity/group_string_1", "unix-group:john", test_string); + g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string); + g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string); + + g_test_add_data_func ("/PolkitIdentity/netgroup_string", "netgroup:foo", test_string); + + g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant); + g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant); + g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "netgroup:foo", test_gvariant); + + add_comparison_tests (); + return g_test_run (); } diff --git a/test/polkit/polkitnetgrouptest.c b/test/polkit/polkitnetgrouptest.c new file mode 100644 index 0000000..e426bbe --- /dev/null +++ b/test/polkit/polkitnetgrouptest.c @@ -0,0 +1,76 @@ +/* + * Copyright (C) 2011 Google Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: Nikki VonHollen + */ + +#include "glib.h" +#include +#include + + +static void +test_new (void) +{ + PolkitNetGroup *netgroup; + const char *netgroup_name; + + netgroup = POLKIT_NET_GROUP (polkit_net_group_new ("testgroup")); + g_assert (netgroup); + + netgroup_name = polkit_net_group_get_name (netgroup); + g_assert_cmpstr (netgroup_name, ==, "testgroup"); + + g_object_unref (netgroup); +} + + +static void +test_set_name (void) +{ + PolkitNetGroup *netgroup; + const char *netgroup_name; + char new_name_buf [] = "foo"; + + netgroup = POLKIT_NET_GROUP (polkit_net_group_new ("testgroup")); + + polkit_net_group_set_name (netgroup, new_name_buf); + netgroup_name = polkit_net_group_get_name (netgroup); + g_assert_cmpstr (netgroup_name, ==, "foo"); + + memcpy(new_name_buf, "bar", 3); + netgroup_name = polkit_net_group_get_name (netgroup); + g_assert_cmpstr (netgroup_name, ==, "foo"); + + polkit_net_group_set_name (netgroup, new_name_buf); + netgroup_name = polkit_net_group_get_name (netgroup); + g_assert_cmpstr (netgroup_name, ==, "bar"); + + g_object_unref (netgroup); +} + + +int +main (int argc, char *argv[]) +{ + g_type_init (); + g_test_init (&argc, &argv, NULL); + g_test_add_func ("/PolkitNetGroup/new", test_new); + g_test_add_func ("/PolkitNetGroup/set_name", test_set_name); + return g_test_run (); +} diff --git a/test/polkit/polkitunixusertest.c b/test/polkit/polkitunixusertest.c index 1ad0a65..6c81fdd 100644 --- a/test/polkit/polkitunixusertest.c +++ b/test/polkit/polkitunixusertest.c @@ -22,36 +22,58 @@ #include "glib.h" #include +struct user_entry { + const gchar *name; + gint uid; +}; + +static struct user_entry user_entries [] = { + {"root", 0}, + {"john", 500}, + {"jane", 501}, + {NULL}, +}; static void test_new (void) { - PolkitUnixUser *user; + unsigned int i; + for (i = 0; user_entries[i].name; i++) { + gint uid = user_entries[i].uid; - user = POLKIT_UNIX_USER (polkit_unix_user_new (0)); - g_assert (user); + PolkitUnixUser *user; - gint user_uid = polkit_unix_user_get_uid (user); - g_assert_cmpint (user_uid, ==, 0); + user = POLKIT_UNIX_USER (polkit_unix_user_new (uid)); + g_assert (user); - g_object_unref (user); + gint user_uid = polkit_unix_user_get_uid (user); + g_assert_cmpint (user_uid, ==, uid); + + g_object_unref (user); + } } static void test_new_for_name (void) { - GError *error = NULL; - PolkitUnixUser *user; + unsigned int i; + for (i = 0; user_entries[i].name; i++) { + const gchar *name = user_entries[i].name; + gint expect_uid = user_entries[i].uid; - user = POLKIT_UNIX_USER (polkit_unix_user_new_for_name ("root", &error)); - g_assert (user); - g_assert_no_error (error); + GError *error = NULL; + PolkitUnixUser *user; - gint user_uid = polkit_unix_user_get_uid (user); - g_assert_cmpint (user_uid, ==, 0); + user = POLKIT_UNIX_USER (polkit_unix_user_new_for_name (name, &error)); + g_assert (user); + g_assert_no_error (error); - g_object_unref (user); + gint user_uid = polkit_unix_user_get_uid (user); + g_assert_cmpint (user_uid, ==, expect_uid); + + g_object_unref (user); + } } diff --git a/test/polkitbackend/data/authstore1/10-test/com.example.pkla b/test/polkitbackend/data/authstore1/10-test/com.example.pkla deleted file mode 100644 index e716465..0000000 --- a/test/polkitbackend/data/authstore1/10-test/com.example.pkla +++ /dev/null @@ -1,6 +0,0 @@ -[Normal Staff Permissions] -Identity=unix-group:users;unix-user:root -Action=com.example.awesomeproduct.* -ResultAny=no -ResultInactive=auth_self -ResultActive=yes diff --git a/test/polkitbackend/data/authstore2/10-test/com.example.pkla b/test/polkitbackend/data/authstore2/10-test/com.example.pkla deleted file mode 100644 index f013c5b..0000000 --- a/test/polkitbackend/data/authstore2/10-test/com.example.pkla +++ /dev/null @@ -1,6 +0,0 @@ -[Super Secret Project Permissions] -Identity=unix-user:root -Action=com.example.restrictedproduct.* -ResultAny=no -ResultInactive=no -ResultActive=auth_self diff --git a/test/polkitbackend/polkitbackendlocalauthoritytest.c b/test/polkitbackend/polkitbackendlocalauthoritytest.c index f76ea41..252ddf2 100644 --- a/test/polkitbackend/polkitbackendlocalauthoritytest.c +++ b/test/polkitbackend/polkitbackendlocalauthoritytest.c @@ -25,9 +25,9 @@ #include #include -#define TEST_CONFIG_PATH "./data/config" -#define TEST_AUTH_PATH1 "./data/authstore1" -#define TEST_AUTH_PATH2 "./data/authstore2" +#define TEST_CONFIG_PATH "../data/etc/polkit-1/localauthority.conf.d" +#define TEST_AUTH_PATH1 "../data/etc/polkit-1/localauthority" +#define TEST_AUTH_PATH2 "../data/var/lib/polkit-1/localauthority" /* Test helper types */ @@ -93,6 +93,64 @@ test_check_authorization_sync (const void *_ctx) g_object_unref (out_details); } +static void +test_get_admin_identities (void) +{ + // Note: The implementation for get_admin_identities is called + // get_admin_auth_identities in PolkitBackendLocalAuthority + + PolkitBackendLocalAuthority *authority = create_authority (); + + // Setup required arguments, but none of their values matter + PolkitSubject *caller = polkit_unix_session_new ("caller-session"); + g_assert (caller); + + PolkitSubject *subject = polkit_unix_session_new ("subject-session");; + g_assert (subject); + + GError *error = NULL; + PolkitIdentity *user_for_subject = polkit_identity_from_string ("unix-user:root", &error); + g_assert_no_error (error); + g_assert (user_for_subject); + + PolkitDetails *details = polkit_details_new (); + g_assert (details); + + // Get the list of PolkitUnixUser objects who are admins + GList *result; + result = polkit_backend_interactive_authority_get_admin_identities ( + POLKIT_BACKEND_INTERACTIVE_AUTHORITY (authority), + caller, + subject, + user_for_subject, + "com.example.doesntmatter", + details); + + guint result_len = g_list_length (result); + g_assert_cmpint (result_len, >, 0); + + // Test against each of the admins in the following list + const gchar *expect_admins [] = { + "unix-user:root", + "unix-user:jane", + "unix-user:sally", + "unix-user:henry", + NULL, + }; + + unsigned int i; + for (i = 0; expect_admins[i]; i++) + { + g_assert_cmpint (i, <, result_len); + + PolkitIdentity *test_identity = POLKIT_IDENTITY (g_list_nth_data (result, i)); + g_assert (test_identity); + + gchar *test_identity_str = polkit_identity_to_string (test_identity); + g_assert_cmpstr (expect_admins[i], ==, test_identity_str); + } +} + /* Factory for mock local authority. */ static PolkitBackendLocalAuthority * @@ -108,6 +166,7 @@ create_authority (void) /* Variations of the check_authorization_sync */ struct auth_context check_authorization_test_data [] = { + // Test root, john, and jane on action awesomeproduct.foo (all users are ok) {"unix-user:root", TRUE, TRUE, "com.example.awesomeproduct.foo", POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED}, @@ -117,12 +176,41 @@ struct auth_context check_authorization_test_data [] = { {"unix-user:root", FALSE, FALSE, "com.example.awesomeproduct.foo", POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED}, + {"unix-user:john", TRUE, TRUE, "com.example.awesomeproduct.foo", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED}, + {"unix-user:jane", TRUE, TRUE, "com.example.awesomeproduct.foo", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED}, + + // Test root, john, and jane on action restrictedproduct.foo (only root is ok) {"unix-user:root", TRUE, TRUE, "com.example.restrictedproduct.foo", POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, POLKIT_IMPLICIT_AUTHORIZATION_AUTHENTICATION_REQUIRED}, + {"unix-user:john", TRUE, TRUE, "com.example.restrictedproduct.foo", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, + {"unix-user:jane", TRUE, TRUE, "com.example.restrictedproduct.foo", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, + + // Test root against some missing actions {"unix-user:root", TRUE, TRUE, "com.example.missingproduct.foo", POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, + + // Test root, john, and jane against action awesomeproduct.bar + // which uses "netgroup:baz" for auth (john and jane are OK, root is not) + {"unix-user:root", TRUE, TRUE, "com.example.awesomeproduct.bar", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, + {"unix-user:john", TRUE, TRUE, "com.example.awesomeproduct.bar", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED}, + {"unix-user:jane", TRUE, TRUE, "com.example.awesomeproduct.bar", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED}, + {NULL}, }; @@ -135,7 +223,7 @@ add_check_authorization_tests (void) { struct auth_context *ctx = &check_authorization_test_data[i]; gchar *test_name = g_strdup_printf ( "/PolkitBackendLocalAuthority/check_authorization_sync_%d", i); - g_test_add_data_func(test_name, ctx, test_check_authorization_sync); + g_test_add_data_func (test_name, ctx, test_check_authorization_sync); } }; @@ -154,5 +242,7 @@ main (int argc, char *argv[]) POLKIT_BACKEND_TYPE_AUTHORITY); add_check_authorization_tests (); + g_test_add_func ("/PolkitBackendLocalAuthority/get_admin_identities", test_get_admin_identities); + return g_test_run (); }; diff --git a/test/polkitbackend/polkitbackendlocalauthorizationstoretest.c b/test/polkitbackend/polkitbackendlocalauthorizationstoretest.c index 617acf9..3e4a36b 100644 --- a/test/polkitbackend/polkitbackendlocalauthorizationstoretest.c +++ b/test/polkitbackend/polkitbackendlocalauthorizationstoretest.c @@ -25,7 +25,7 @@ #include #include -#define DATA_DIR "./data/authstore1/10-test" +#define DATA_DIR "../data/etc/polkit-1/localauthority/10-test" #define DATA_EXT ".pkla" static void @@ -63,7 +63,7 @@ test_lookup (void) details = polkit_details_new (); // Create an identity to query with - identity = polkit_identity_from_string("unix-group:users", &error); + identity = polkit_identity_from_string ("unix-group:users", &error); g_assert (identity); g_assert_no_error (error); @@ -71,7 +71,7 @@ test_lookup (void) ok = polkit_backend_local_authorization_store_lookup ( store, identity, - "com.example.awesomeproduct.dofoo", + "com.example.awesomeproduct.foo", details, &ret_any, &ret_inactive, @@ -83,7 +83,7 @@ test_lookup (void) g_assert_cmpstr ("yes", ==, polkit_implicit_authorization_to_string (ret_active)); // Create another identity to query with - identity = polkit_identity_from_string("unix-user:root", &error); + identity = polkit_identity_from_string ("unix-user:root", &error); g_assert (identity); g_assert_no_error (error); @@ -91,7 +91,7 @@ test_lookup (void) ok = polkit_backend_local_authorization_store_lookup ( store, identity, - "com.example.awesomeproduct.dofoo", + "com.example.awesomeproduct.foo", details, &ret_any, &ret_inactive,